启动支持三个网络的Docker容器:默认网桥(OAM),网桥(数据输入)和MacVLAN(数据输出)。问题在于Docker Provider似乎在Default Bridge上设置了所有定义的端口。如何告诉Terraform将已定义的端口绑定到特定的Docker网络?
.tf文件摘要:
ports {
# Data-In (Bridge)
internal = 881
external = 881
}
ports {
# SSH Access on Default Bridge
internal = 22
external = 222
}
networks_advanced {
name = "bridge"
}
networks_advanced {
name = "data-in-net"
}
networks_advanced {
name = "data-out-net"
}
Docker网络:
# docker network list
NETWORK ID NAME DRIVER SCOPE
1c2441b0b530 bridge bridge local
c68892f0c6e5 host host local
bb45d9dcbad1 none null local
a318d3bf3075 data-out-net macvlan local
af806334c7bf data-in-net bridge local
端口222有效,而端口881不起作用。
运行Docker的主机操作系统中的IPTable:
Chain DOCKER (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:9000
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:8000
ACCEPT tcp -- anywhere 192.168.32.2 tcp dpt:601
ACCEPT udp -- anywhere 192.168.32.2 udp dpt:syslog
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:881
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:https
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:ssh
tcp dpt:881行的目的地必须为192.168.32.3。 syslog容器仅使用Data-In Docker网络,因此具有正确的IP地址。
任何建议/解决方法??谢谢! :)